cephfs_native: doc fixes

Update doc about a user, for releases after Mitaka, being able to
retrieve the access key of a Ceph auth ID using a client API.

Include other trivial fixes to improve clarity.

Closes-Bug: #1616563
Change-Id: Idb4e5f264070da32c1c302d7af4a754a38d817b8
This commit is contained in:
Ramana Raja 2016-10-03 15:20:11 +05:30
parent 360be9607e
commit 326f7b111d

@ -146,8 +146,9 @@ Create a section like this to define a CephFS backend:
cephfs_cluster_name = ceph
cephfs_enable_snapshots = True
Set ``cephfs_enable_snapshots`` to True in the section to let the driver
perform snapshot related operations.
Set ``driver-handles-share-servers`` to ``False`` as the driver does not
manage the lifecycle of ``share-servers``. To let the driver perform snapshot
related operations, set ``cephfs_enable_snapshots`` to True.
Then edit ``enabled_share_backends`` to point to the driver's backend section
using the section name. In this example we are also including another backend
@ -195,17 +196,11 @@ Allow Ceph auth ID ``alice`` access to the share using ``cephx`` access type.
manila access-allow cephshare1 cephx alice
Note the access status, and the access/secret key of ``alice``.
Mounting shares using FUSE client
---------------------------------
.. code-block:: console
Using the secret key of the authorized ID ``alice`` create a keyring file,
``alice.keyring`` like:
.. code-block:: ini
[client.alice]
key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA==
manila access-list cephshare1
.. note::
@ -232,6 +227,19 @@ Using the secret key of the authorized ID ``alice`` create a keyring file,
For more details, please see the Ceph documentation.
http://docs.ceph.com/docs/jewel/rados/operations/user-management/#add-a-user
Mounting shares using FUSE client
---------------------------------
Using the secret key of the authorized ID ``alice`` create a keyring file,
``alice.keyring`` like:
.. code-block:: ini
[client.alice]
key = AQA8+ANW/4ZWNRAAOtWJMFPEihBA1unFImJczA==
Using the mon IP addresses from the share's export location, create a
configuration file, ``ceph.conf`` like:
@ -257,19 +265,12 @@ from the share's export location:
Known restrictions
------------------
Mitaka release
Consider the driver as a building block for supporting multi-tenant
workloads in the future. However, it can be used in private cloud
deployments.
- The guests have direct access to Ceph's public network.
- The secret-key of a Ceph auth ID required to mount a share is not exposed to
an user by a manila API. To workaround this, the storage admin would need to
pass the key out of band of manila, or the user would need to use the Ceph ID
and key already created and shared with her by the cloud admin.
- The snapshot support of the driver is disabled by default.
``cephfs_enable_snapshots`` configuration option needs to be set to ``True``
to allow snapshot operations.
@ -281,12 +282,17 @@ deployments.
- To restrict share sizes, CephFS uses quotas that are enforced in the client
side. The CephFS clients are relied on to respect quotas.
Mitaka release
- The secret-key of a Ceph auth ID required to mount a share is not exposed to
an user by a manila API. To workaround this, the storage admin would need to
pass the key out of band of manila, or the user would need to use the Ceph ID
and key already created and shared with her by the cloud admin.
Security
--------
Mitaka release
- Each share's data is mapped to a distinct Ceph RADOS namespace. A guest is
restricted to access only that particular RADOS namespace.
http://docs.ceph.com/docs/master/cephfs/file-layouts/